Cyber Posture

CVE-2025-68968

High

Published: 14 January 2026

Modified: 15 January 2026
CVSS Score: 7.8 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0001 (0.8th percentile)
Risk Priority: 16 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2025-68968 is a high-severity Double Free (CWE-415) vulnerability in Huawei HarmonyOS. Its CVSS base score is 7.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068). The CVE ranks at the 0.8th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-16 (Memory Protection) and SI-2 (Flaw Remediation).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploitation for Privilege Escalation (T1068).
What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)

Prevent: SI-2 requires identification, reporting, and correction of system flaws like this double free vulnerability through timely patching as detailed in Huawei support bulletins.

Prevent: SI-16 implements controls to minimize the impact of memory-related flaws such as double frees, preventing unauthorized access and exploitation attempts.

Prevent: SI-10 validates and sanitizes inputs to the multi-mode input module, reducing the likelihood of triggering the double free vulnerability via malformed local inputs.

MITRE ATT&CK Enterprise Techniques

T1068 Exploitation for Privilege Escalation (Tactic: Privilege Escalation)
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.

Why these techniques?

Double-free memory corruption in the local input module directly enables arbitrary code execution by a low-privileged attacker, which maps to Exploitation for Privilege Escalation.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

NVD Description

Double free vulnerability in the multi-mode input module. Impact: Successful exploitation of this vulnerability may affect the input function.

Deeper analysis

CVE-2025-68968 is a double free vulnerability (CWE-415) in the multi-mode input module affecting Huawei consumer products. Published on 2026-01-14T03:15:51.740, it carries a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). Successful exploitation may affect the input function.

A local attacker with low privileges can exploit this vulnerability with low complexity and without user interaction. Exploitation could result in high impact to confidentiality, integrity, and availability, potentially allowing arbitrary code execution or system compromise within the affected input function.

Huawei has published support bulletins addressing this issue, available at https://consumer.huawei.com/en/support/bulletin/2026/1// and https://consumer.huawei.com/en/support/bulletinlaptops/2026/1//, which likely detail patches or mitigation steps for affected consumer and laptop devices.

Details

CWE(s): CWE-415 (Double Free)

Affected Products

Vendor: huawei · Product: harmonyos · Version: 6.0.0

CVEs Like This One

CVE-2025-68957 (same product: Huawei HarmonyOS)
CVE-2025-68960 (same product: Huawei HarmonyOS)
CVE-2024-56439 (same product: Huawei HarmonyOS)
CVE-2025-68958 (same product: Huawei HarmonyOS)
CVE-2026-24930 (same product: Huawei HarmonyOS)
CVE-2025-68956 (same product: Huawei HarmonyOS)
CVE-2024-56451 (same product: Huawei HarmonyOS)
CVE-2026-24926 (same product: Huawei HarmonyOS)
CVE-2024-57955 (same product: Huawei HarmonyOS)
CVE-2024-58043 (same product: Huawei HarmonyOS)
